We have a network share on one of our local servers in our office. When users log onto the domain in Windows on their laptops a script runs that maps the share to their P drive. It's basically a dropbox. I want to create a read-only text file on it in the root. I want to be the only person allowed to edit or delete it. The biggest issue is that most of the people on the network are admins. Can I do this? I do have complete access to the server as an admin so I'll do whatever it takes (other than removing admin access from the other people).

In similar situations I usually just added to the top of the file **** DO NOT DELETE **** comment. But, if it's a hostile situations (with regard to other admins) then that's another story ...
–
ldigasOct 14 '09 at 21:42

3 Answers
3

Can't be done, if everyone is an admin. One of the admin privileges is taking ownership of a file, and once they do that, they can change it however they like.

You could try taking the machine the file lives on off of the domain, and setting the permissions on the local machine, but that's bound to be a huge headache, and it'll make it very difficult to do granular permissions.

What sort of file is it? If it's just text, you might want to switch it to another format, one that can't be edited, or something. They would still be able to delete it, however.

That's what I thought. I just wanted to create a P Drive Rules.txt file and don't want people to edit or delete it. I think I'm going to just backup the file elsewhere on the server and have a scheduled .bat file run daily that checks if its still in the share and if not, copies it in.
–
MarkOct 14 '09 at 21:43

@Mark You might want to replace it regardless, just in case someone edited it during the day...
–
MargaretOct 14 '09 at 21:51

Are you admins savvy enough to "take ownership" of a file? Do they have admin rights to the box where the share is located? A couple of things you have to consider before doing security.

You can go to the security tab of the file, from the "Advanced" option, turn off "Inherit permissions from parent". Then from the Access List, remove everyone except for the user who needs it.

Second option would be to maintain a file lock on the file. If it's a text file, you might have use an editor other than notepad to accomplish that. For Word, Excel, etc. the program will maintain a lock on the network share.